BIND, NS Records, and CNAME’s

While troubleshooting sending email to a particular domain.

I found that BIND would return a SERVFAIL for every query against that domain.

This is an invalid and bad DNS configuration, as documented in: RFC2181 (10.3), RFC1912 (2.4).

; <<>> DiG 9.4.3-P2 <<>> dns2.example.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER< ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0;; QUESTION SECTION: ;dns2.example.com. IN A;; ANSWER SECTION: dns2.example.com. 86400 IN CNAME ns2.example.com. ns2.example.com. 86400 IN A 192.0.2.4;; AUTHORITY SECTION: example.com. 86400 IN NS dns1.example.com. example.com. 86400 IN NS dns2.example.com. ;; Query time: 166 msec ;; SERVER: 192.0.2.7#53(192.0.2.7) ;; WHEN: Thu Feb 27 11:49:36 2014 ;; MSG SIZE rcvd: 101

Random Synaptics

Security, routers, and geek

BIND, NS Records, and CNAME’s